fix sniffer crash with reassembly processing

This commit is contained in:
John Safranek 2015-08-20 13:33:44 -07:00
parent a47af476d1
commit a93aa8972e

View File

@ -2617,30 +2617,32 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
word32* length = (session->flags.side == WOLFSSL_SERVER_END) ?
&session->sslServer->buffers.inputBuffer.length :
&session->sslClient->buffers.inputBuffer.length;
byte* myBuffer = (session->flags.side == WOLFSSL_SERVER_END) ?
session->sslServer->buffers.inputBuffer.buffer :
session->sslClient->buffers.inputBuffer.buffer;
word32 bufferSize = (session->flags.side == WOLFSSL_SERVER_END) ?
session->sslServer->buffers.inputBuffer.bufferSize :
session->sslClient->buffers.inputBuffer.bufferSize;
byte** myBuffer = (session->flags.side == WOLFSSL_SERVER_END) ?
&session->sslServer->buffers.inputBuffer.buffer :
&session->sslClient->buffers.inputBuffer.buffer;
word32* bufferSize = (session->flags.side == WOLFSSL_SERVER_END) ?
&session->sslServer->buffers.inputBuffer.bufferSize :
&session->sslClient->buffers.inputBuffer.bufferSize;
SSL* ssl = (session->flags.side == WOLFSSL_SERVER_END) ?
session->sslServer : session->sslClient;
while (*front && ((*front)->begin == *expected) ) {
word32 room = bufferSize - *length;
word32 room = *bufferSize - *length;
word32 packetLen = (*front)->end - (*front)->begin + 1;
if (packetLen > room && bufferSize < MAX_INPUT_SZ) {
if (packetLen > room && *bufferSize < MAX_INPUT_SZ) {
if (GrowInputBuffer(ssl, packetLen, *length) < 0) {
SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
return 0;
}
room = *bufferSize - *length; /* bufferSize is now bigger */
}
if (packetLen <= room) {
PacketBuffer* del = *front;
byte* buf = *myBuffer;
XMEMCPY(&myBuffer[*length], (*front)->data, packetLen);
XMEMCPY(&buf[*length], (*front)->data, packetLen);
*length += packetLen;
*expected += packetLen;
@ -2654,9 +2656,9 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
break;
}
if (moreInput) {
*sslFrame = myBuffer;
*sslFrame = *myBuffer;
*sslBytes = *length;
*end = myBuffer + *length;
*end = *myBuffer + *length;
}
return moreInput;
}